In this document we will discuss about comprehensive and technical risk analysis and below are the summary points of this document:-
The technical risk assessment procedure for a small-scale IT company that has implemented a technological environment and needs to conduct a technical risk analysis.
The risk assessment would be based on assets, vulnerabilities, threats, and consequences derived from the IT control framework.
The industry risk recommendations and the process to mitigate the threats would also be specified along with the impact of the mitigation process on the organization.
The document also provides an overview of the organization, including its infrastructure and the problems handled by various departments.
The organization stores its codes and documentation in specific servers that are publicly accessible via the Internet, and there is a lack of a full-time administrator, so temporary staff manages the servers.
The key threats in the operations of the organization are identified, including lack of maintenance of the hardware and software, utilization of services to present to customers, compromising of host, and no firewall security system or email/virus protection.